Javascript 来自PhantomJS的意外结果
我试图写一个脚本来检查一些网站的安全问题。我正在向window对象添加_domlog函数,当我传递此URL时应调用该函数,例如:Javascript 来自PhantomJS的意外结果,javascript,google-chrome,console,phantomjs,Javascript,Google Chrome,Console,Phantomjs,我试图写一个脚本来检查一些网站的安全问题。我正在向window对象添加_domlog函数,当我传递此URL时应调用该函数,例如: https://domgo.at/cxss/example/1?payload=abcd&sp=x#1</iframe></style></script></object></embed></textarea><img src=x onerror=__domlog(0,0,51)&g
https://domgo.at/cxss/example/1?payload=abcd&sp=x#1</iframe></style></script></object></embed></textarea><img src=x onerror=__domlog(0,0,51)><!--/*
问题是没有调用此函数,并且page.onsolemessage没有显示任何错误。当我在Chrome中请求相同的链接时,将请求uudomlog函数。据我所知,phantomJS是基于Chrome的,我想问一下我是否犯了一些错误
function validateExploit(url, callback) {
console.log('Validating ..');
var page = require('webpage').create();
page.onConsoleMessage = function(msg, lineNum, sourceId) {
console.log('CONSOLE: ' + msg + ' (from line #' + lineNum + ' in "' + sourceId + '")');
};
page.onCallback = function (data) {
result = data;
console.log(' -> Exploit successful');
};
page.onInitialized = function () {
page.evaluateJavaScript('function(){location.href = decodeURI(location.href);}');
page.customHeaders = { "X-XSS-Protection": "0" };
page.evaluate(function () {
window.__domlog = function (findingId, exploitId, tabId) {
window.callPhantom({
'success': true,
'findingId': findingId,
'exploitId': exploitId,
'tabId': tabId
});
};
});
};
page.open(url, function (status) {
page.close();
callback(result);
console.log(' -> Page closed. Exploit found: ' + result.success);
});
}